package com.echat.config.security.config;

import com.echat.config.security.authention.MyAuthenticationEntryPoint;
import com.echat.config.security.authention.MyLogoutSuccessHandler;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

import java.util.List;

/**
 * @author chentl
 * @version V1.0
 * @Project MyResourceServerConfig
 * @Title MyResourceServerConfig.java
 * @Description 资源服务器
 * @Package com.echat.config.security.config
 * @date 2019/6/10 10:24
 * @Copyright: 上海顺益信息科技有限公司 All rights reserved.
 */
@Configuration
@EnableResourceServer
@Slf4j
public class MyResourceServerConfig extends ResourceServerConfigurerAdapter {

    public static final String ROLE_ADMIN = "ADMIN";

    @Autowired
    private MyAuthenticationEntryPoint myAuthenticationEntryPoint;

    @Value("#{'${auth.excludeUrls}'.split(',')}")
    private List<String> excludeUrls;

    @Bean
    public MyLogoutSuccessHandler myLogoutSuccessHandler() {
        return new MyLogoutSuccessHandler();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.stateless(false)
                .accessDeniedHandler(myAuthenticationEntryPoint)
                .authenticationEntryPoint(myAuthenticationEntryPoint);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        String[] excludeResources = excludeUrls.toArray(new String[excludeUrls.size()]);
        log.info("=========================Oauth2 资源服务器启动=========================");
        http/*.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .and()*/
                //请求权限配置
                .authorizeRequests()
                //下面的路径放行，不需要经过认证
                .antMatchers("/oauth/**", "/user/login", "/music/**").permitAll()
                //以下请求允许游客访问
                .antMatchers(excludeResources).permitAll()
                //OPTIONS 请求不需要鉴权
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                //用户的增删改接口只允许管理员访问
//                .antMatchers(HttpMethod.POST, "/auth/user").hasAnyAuthority(ROLE_ADMIN)
//                .antMatchers(HttpMethod.PUT, "/auth/user").hasAnyAuthority(ROLE_ADMIN)
//                .antMatchers(HttpMethod.DELETE, "/auth/user").hasAnyAuthority(ROLE_ADMIN)
                //获取角色 权限列表接口只允许系统管理员及高级用户访问
//                .antMatchers(HttpMethod.GET, "/auth/role").hasAnyAuthority(ROLE_ADMIN)
                //其余接口没有角色限制，但需要经过认证，只要携带token就可以放行
                .antMatchers("/**").authenticated()
                .anyRequest().authenticated();

//        配置一
        //表单登录
//        http.formLogin()
//                .loginPage("/authentication/require")
//                .loginProcessingUrl("/authentication/form")
//                .successHandler(myAuthenticationSuccessHandler)
//                .failureHandler(myAuthenticationFailHandler);
//        //异常跳转
//        http.exceptionHandling()
//                .authenticationEntryPoint(myAuthenticationEntryPoint)
//                .and()
//                .logout()
//                .logoutUrl("/oauth/logout")
//                .logoutSuccessHandler(myLogoutSuccessHandler());
//        //请求授权
//        http.authorizeRequests()
//                .antMatchers("/user/*").authenticated()
//                .antMatchers("/oauth/token").permitAll()
//                .anyRequest().permitAll()
//                .and()
//                //关闭跨站防护请求
//                .csrf().disable();


    }
}
